Amnesia Network Stack (TCP/IP) Vulnerability
Microchip is aware of a network software (TCP/IP) security vulnerability known as Amnesia:33, originally published by the US Department of Homeland Security (DHS) and CERT. Download the white paper to get additional information about this vulnerability. Amnesia:33, which contains about 28 CVEs, affects TCP/IP software stacks used in embedded systems.
We take security issues seriously, and we are currently working to mitigate the issues and provide solutions for our clients. We have determined that this vulnerability affects some of our networking products. This page will provide the latest insight and may be updated from time to time.
Amnesia Affected Products
Our general-purpose microcontrollers are programmable with third-party TCP/IP stacks. We advise you to verify your applications against the white paper referred to above. Microchip’s distributed software and products affected by Amnesia, together with the proposed resolution for each, are listed in the table below.
|Device or Software||Source||Vulnerabilities Affected||Resolution|
|WINC1500/WINC3400||Self-Disclosure||CVE-2020-13987 (FSCT-2020-0009)||Fix developed in ATWINC3400 Firmware v1.4.1 and ATWINC1500 Firmware v19.7.3. Preprogrammed modules with latest firmware expected in 2021.|
|MPLAB® Harmony v3 Framework||Self-Disclosure||CVE-2020-17439||Fix developed, available in next version 3.7.0+|
|MPLAB Code Configurator (MCC) Framework||Self-Disclosure||CVE-2020-17470 (FSCT-2020-0025)||Fix developed, available in version v2.2.14, Feb 2021|
|Microchip Libraries for Applications (MLA) Framework||Self-Disclosure||Same as WINC1500/WINC3400||Fix developed in ATWINC3400 Firmware v1.4.1 and ATWINC1500 Firmware v19.7.3|
|Legacy 6LoWPAN solutions||Self-Disclosure||Likely. Uses Contiki OS.||Fix not planned|
|WILC1000/WILC3000 Linux® Solution||Self-Disclosure||Not affected|
|WILC1000/WILC3000 RTOS Solution||Self-Disclosure||Not affected|